
Security Testing

Discover security vulnerabilities before attackers do. Understand and prioritise remediation by finding out how your apps, systems and people respond to real world attack scenarios. Wherever your data assets are, they need constant protection from an ever-changing threat landscape.

Red Team

We can offer bespoke Red-Team or Intelligence-Led Penetration Testing, based on our CREST-certified penetration testing service, for a more holistic test of your organisation’s resilience.

Our methodology has been designed to take your business's risk profile into account, so that it gives a clear indication of the resilience of your defences to genuine attacks.

Our intelligence-led penetration testing enables organisations to better understand their risk profile, ensuring there is a specific focus on current risks that may exist in their business landscape. By using the same information sources, tactics and techniques as attackers, the output of the test will more clearly indicate the resilience of the organisation to genuine attacks.

Every business is exposed to the threat of attack. Intelligence-Led Penetration Testing simulates an attack scenario to improve resilience through better understanding of how your organisation reacts. Get in touch to find out more.

How?

The concept of red teaming or threat intelligence penetration testing is to undertake more realistic and specific threat-based assessments of an organisation, typically over a longer period.

The approach involves simulation of a more sophisticated attack, combining a range of attack vectors, such as:

  • Social engineering
  • Phishing / spear phishing
  • Malware deployment
  • Traditional penetration
  • War dialling
  • Exfiltration of data

Engagements are planned and executed together with the client, making use of either the client’s threat-based intelligence or third-party threat intelligence. Commissum can conduct specific intelligence gathering for an assignment if neither of these sources is available to the client.

Scenarios test more than technology defences, providing an evaluation of detection and incident response capabilities.

Typical engagements include:

  • Initial planning with client
  • Intelligence gathering and collation of client, third party and Commissum intelligence inputs
  • Risk assessment – essential to ensure the realism of testing does not interrupt business operations unduly, and assessing the appetite for potential consequential risk
  • Agreement of measurement criteria for internal detection and response processes and assessment of the maturity of the organisation’s ability to deal with sophisticated attacks
  • Agreement of “fast-forward” criteria where phases may be curtailed to maintain momentum and time efficiency
  • Phased execution with agreed review points
  • Internal escalation of malware deployment / penetration
  • Data exfiltration
  • Wash-up meetings held as agreed during the testing, and a workshop session following the delivery of the report

Our personnel are experienced in delivering such services across a range of sectors, with the skills and knowledge required to undertake the intellectually demanding and sometimes technically difficult tasks required, within time constraints, while minimising any actual risk to client systems.

Find out how we work with clients to test their security and make recommendations for improvements.
